Lesson Plans
Windows Server 2008 Enterprise
Administrator
(Exam 70-647)
Table of Contents
Course Overview .................................................................................................. 2
Section 1.1: IP Addressing .................................................................................... 3
Section 1.2: Name Resolution .............................................................................. 5
Section 1.3: Single-label Name Resolution ........................................................... 7
Section 1.4: NPAS ................................................................................................ 9
Section 1.5: Remote Access ............................................................................... 11
Section 1.6: NAP................................................................................................. 13
Section 1.7: Remote Desktop Services ............................................................... 15
Section 1.8: Application Delivery ........................................................................ 17
Section 2.1: Active Directory Design ................................................................... 19
Section 2.2: Functional Levels ............................................................................ 21
Section 2.3: Trusts .............................................................................................. 23
Section 2.4: Operations Masters ......................................................................... 25
Section 2.5: Sites ................................................................................................ 27
Section 2.6: Groups ............................................................................................ 29
Section 2.7: Group Policy ................................................................................... 31
Section 2.8: Authentication ................................................................................. 33
Section 3.1: Upgrade and Migration.................................................................... 35
Section 3.2: Branch Office Design ...................................................................... 37
Section 3.3: PKI Design ...................................................................................... 39
Section 3.4: Interoperability ................................................................................ 41
Section 4.1: High Availability ............................................................................... 43
Section 4.2: AD DS Recovery ............................................................................. 45
Section 4.3: Update Infrastructure ...................................................................... 47
Section 4.4: Auditing ........................................................................................... 49
Section 4.5: Virtualization ................................................................................... 51
Section 4.6: Data Security and Access ............................................................... 53
Section 4.7: Collaboration ................................................................................... 55
Practice Exams ................................................................................................... 57
Appendix A: Approximate Time for the Course ................................................... 58
Appendix B: Changes to the 647 Course for 2008 R2 ........................................ 60
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
1
Course Overview
This course prepares students for Exam 70-647: Pro: Windows Server 2008,
Enterprise Administrator. It focuses on designing, configuring, protecting and
maintaining the infrastructure of an enterprise system, strategies to provide
single-label name resolution,
Module 1 – Network and Application Services
In this module students will learn about methods to configure IP addressing, tools
to help in designing a DNS solution, and using the Network Policy and Access
Services (NPAS) role to provide services for configuring network access for LAN
and remote clients. Students will also learn about remote access, using Network
Access Protection (NAP) to regulate network access based on a computer’s
compliance with health requirement policies, using Remote Desktop (RD)
Services, and methods to simplify and centralize application deployment.
Module 2 – Core Identity and Access Management
This module discusses guidelines for designing an Active Directory logical
structure, the basics of functional levels, understanding trusts, and the role of
operation master roles. Students will also learn about designing sites and
subnets, using groups to assign permissions, and using Group Policy settings to
assign computer and user settings, and authentication to validate the identity of a
user.
Module 3 – Support Identity and Access Management
In Module 3 students will learn how about upgrading and migrating the Active
Directory structure, designing a branch office, designing a PKI solution, and
providing interoperability between organizations.
Module 4 – Business Continuity and Data Availability
Module 4 teaches the students about providing high availability with Network
Load Balancing (NLV) and Failover Clustering, implementing recovery for Active
Directory, and designing an update solution. Students will also learn about
auditing a system, using Hyper-V as the virtualization solution, protecting data
and making it available for users, and using SharePoint collaboration tools for
developing Web-based applications.
Practice Exams
In Practice Exams students will have the opportunity to test themselves and
verify that they understand the concepts and are ready to take the certification
exam.
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
2
Section 1.1: IP Addressing
Summary
This section discusses the following details of IP addressing:






Methods to configure IPv4 configuration settings on a host system:
o Static (manual assignment)
o Dynamic Host Configuration Protocol (DHCP)
o Automatic Private IP Addressing (APIPA)
o Alternate IP configuration
Methods to configure IPv6 configuration settings on a host:
o Static full assignment
o Static partial assignment
o Stateless autoconfiguration
o DHCPv6
Strategies to provide DHCP for multiple subnets:
o DHCP server on each subnet
o Mutihomed DHCP server
o BOOTP forwarding
o DHCP relay agent
Strategies to provide fault tolerance for a DHCP server:
o Split scope
o Failover Clustering
Strategies for deploying IPv6
o Dual stack
o Tunneling
 Manually configured tunnel
 Intra-site Automatic Tunnel Addressing Protocol (ISATAP)
 6-to-4 tunneling
 Teredo tunneling
PortProxy
Students will learn how to:




Configure static and automatic IPv4 addressing.
Specify an alternate IPv4 configuration.
Configure split scopes on multiple DHCP servers.
Configure a DHCP relay agent.
Windows Server 2008 Enterprise Administrator Objectives

101. Plan for name resolution and IP addressing.
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
3
Lecture Focus Questions:








When does a Windows computer use APIPA? What are its limitations?
What is the purpose of an alternate IPv4 configuration?
How can you provide DHCP services to clients on subnets that do not
have a DHCP server?
What is the difference between placing a DHCP server on each subnet
and using a multihomed server?
How many DHCP relay agents should be placed on a single subnet?
What limitations does ISATAP have for IPv6 implementation?
Which IPv6 tunneling methods work through NAT?
When should you implement Teredo?
Video/Demo
1.1.1 IP Addressing Design
Time
11:48
1.1.4 IPv4 and IPv6
3:51
1.1.6 Implementing IP Addressing
6:32
Total
22:11
Lab/Activity



Configure Automatic and Alternate Addressing
Add a DHCP Server for Fault Tolerance
Configure a DHCP Relay Agent
Number of Exam Questions
6 questions
Total Time
About 55 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
4
Section 1.2: Name Resolution
Summary
This section explores details about name resolution:



Configuration options when designing DNS solutions:
o Primary zone
o Secondary zone
o Zone delegation
o Active Directory-integrated zone
o Stub zone
o Conditional forwarding
o Forwarders
o Root hints
o Root zone
o Primary read-only zone
o Background zone loading
o Reverse lookup zone
o Dynamic DNS
o Caching-only server
o Link-Local Multicast Name Resolution (LLMNR)
o HOSTS file
Goals for DNS namespace design
Methods for accomplishing DNS namespace goals:
o Same internal and external domain name
o Different internal and external domain names
o External domain name with an internal subdomain
Students will learn how to:


Create and configure DNS zones.
Implement DNS solutions to customize name resolution for a branch
office.
Windows Server 2008 Enterprise Administrator Objectives


101. Plan for name resolution and IP addressing.
302. Design the branch office deployment.
Lecture Focus Questions:

What are the advantages of using Active Directory-integrated zones over
primary or secondary zones?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
5





What is the replication scope and how does it control the availability of
DNS zone data?
When should you use conditional forwarding instead of a standard
forward?
What is the difference between a stub zone and a forwarder? Which one
is dynamic?
When using internal and external DNS, what are the three possible
scenarios for the DNS namespace? What are the advantages and
disadvantages of each of the three methods?
What are the goals of any split namespace design?
Video/Demo
Time
1.2.1 DNS Zone Design
13:04
1.2.2 Namespace Design
19:52
1.2.5 Implementing DNS Solutions
15:23
Total
48:19
Lab/Activity


Configure Name Resolution
Implement a Namespace Strategy
Number of Exam Questions
10 questions
Total Time
About 75 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
6
Section 1.3: Single-label Name Resolution
Summary
This section discusses strategies to provide single-label name resolution:




GlobalNames zone
Link-Local Multicast Name Resolution (LLMNR)
HOSTS file
Managing the GlobalNames zone
Students will learn how to:

Configure the GlobalNames zone to provide single-label name resolution.
Windows Server 2008 Enterprise Administrator Objectives

101. Plan for name resolution and IP addressing.
Lecture Focus Questions:





When would you use the GlobalNames zone?
What type of records do you create in the GlobalNames zone?
How can you extend the GlobalNames zone across multiple forests?
Which strategies can you use to provide single-label name resolution for
IPv6 hosts?
When will a Windows client use LLMNR? What limitations does relying on
LLMNR have?
Video/Demo
Time
1.3.1 GlobalNames Zone
1:41
1.3.2 Configuring the GlobalNames Zone
1:01
Total
2:42
Lab/Activity

Configure a GlobalNames Zone
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
7
Number of Exam Questions
2 questions
Total Time
About 15 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
8
Section 1.4: NPAS
Summary
In this section students will learn about the following role services that are
included in the Network Policy and Access Services (NPAS) to provide services
for configuring network access for LAN and remote clients:





Network Policy Server (NPS)
Remote Access Service
Routing
Health Registration Authority (HRA)
Host Credential Authorization Protocol (HCAP)
This section also discusses configuring a RADIUS solution:



RADIUS client
RADIUS server
RADIUS proxy
Students will learn how to:

Add Network Policy and Access Services role services based on server
requirements.
Windows Server 2008 Enterprise Administrator Objectives

102. Design for network access.
Lecture Focus Questions:





Which role service must you add to allow remote clients to access the
private network, and not just the resources on the remote access server?
Which role service do you add to configure network policies on a server?
Which specific implementation requires the Health Registration Authority
role service?
When using a RADIUS solution, where are network access policies
configured?
What is the difference between a RADIUS client and a remote access
client?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
9
Video/Demo
Time
1.4.1 NPAS
7:35
1.4.2 Adding NPAS Role Services
1:55
Total
9:30
Lab/Activity

Add Role Services for a RADIUS Server
Number of Exam Questions
2 questions
Total Time
About 20 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
10
Section 1.5: Remote Access
Summary
This section discusses the following concepts of remote access:







Supported VPN protocols:
o Point-to-Point Tunneling Protocol (PPTP)
o Layer Two Tunneling Protocol (L2TP)
o Secure Socket Tunneling Protocol (SSTP)
Implementing remote access for VPNs
Use the Network Policy Server console to configure network policies:
o Conditions
o Constraints
o Permissions
o Settings
Steps to the authentication process when a remote access connection is
requests
Considerations when designing firewalls to protect a network using
Using Secure Sockets Layer (SSL) to provide encryption of network traffic
between two devices.
Services that commonly use SSL:
o Web Server (IIS)
o Remote Desktop Gateway
o Forefront Threat Management Gateway (TMG)
o RPC over HTTP/S
Students will learn how to:



Configure a server for remote access, including configuring network
access policies.
Configure VPN ports on a remote access server.
Configure RADIUS servers and clients.
Windows Server 2008 Enterprise Administrator Objectives

102. Design for network access.
Lecture Focus Questions:


How do network policy constraints differ from conditions? When would you
use the same setting in a constraint instead of a condition?
Why does the policy application order affect whether or not clients can
connect to a remote access server?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
11




What advantages does using SSTP have over using either PPTP or L2TP
for a VPN connection?
What ports must you open in a firewall to allow SSTP?
What type of servers would you place inside a demilitarized zone (DMZ)?
Which type of servers are typically not located in the DMZ?
How can you prevent a client computer from showing a message that the
issuing CA is not trusted when using a self-signed certificate or a
certificate issued from your private CA?
Video/Demo
Time
1.5.1 Remote Access
10:46
1.5.5 Implementing Remote Access and SSL
11:13
Total
21:59
Lab/Activity

Configure a Remote Access Server
Number of Exam Questions
5 questions
Total Time
About 40 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
12
Section 1.6: NAP
Summary
This section discusses concepts about using Network Access Protection (NAP)
to regulate network access or communication based on a computer’s compliance
with health requirement policies. Details include:






Components that NAP uses:
o NAP client
o NAP server
o Enforcement Server (ES)
o Remediation Server
Enforcement point types:
o DHCP
o RD Gateway
o VPN
o 802.1x
o IPSec
Enforcement client
Logical networks you typically define when designing a NAP solution:
o Restricted
o Boundary
o Secure
Types of isolation configurations:
o Domain Isolation
o Server Isolation
Considerations when using IPSec
Students will learn how to:




Add the necessary role services to implement Network Access Protection
(NAP).
Enable NAP on an enforcement point.
Create domain and server isolation rules.
Configure system health validator and health policy settings.
Windows Server 2008 Enterprise Administrator Objectives

102. Design for network access.
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
13
Lecture Focus Questions:





How do remediation servers and auto-remediation help clients become
compliant?
What server role service do you add to configure a server as an
enforcement point for NAP?
How do you define the quarantine network when using 802.1x
enforcement?
Which enforcement method uses a Health Registration Authority (HRA)?
What type of communication occurs in the boundary network when using
IPsec enforcement?
Video/Demo
Time
1.6.1 NAP
10:47
1.6.2 Configuring NAP
11:15
Total
22:02
Lab/Activity

Add Role Services for NAP
Number of Exam Questions
8 questions
Total Time
About 40 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
14
Section 1.7: Remote Desktop Services
Summary
This section discusses facts about using Remote Desktop Services. Concepts
include:


Role services included in Remote Desktop (RD) with Windows Server
2008 R2:
o RD Session Host
o RD Virtualization Host
o RD Licensing
o RD Connection Broker
o RD Gateway
o RD Web Access
Using the Windows System Resource Manager (WSRM) to allocate
resources on the session host.
Students will learn how to:




Add Remote Desktop Services role services to meet server requirements.
Configure session hosts as part of a RD Connection Broker farm.
Activate the licensing server and add licenses.
Control user and session resource use with WSRM.
Windows Server 2008 Enterprise Administrator Objectives

104. Plan for Remote Desktop Services.
Lecture Focus Questions:




Which Remote Desktop Services role service(s) enables access through
the Internet past most firewalls?
Which ports are used by RD Web Access?
What is the difference between a per-user license and a per-device
license? When would a per-device license be a better choice?
What is the difference between the equal per user profile and the equal
per session profile? How can a user overcome the restrictions enforced by
the equal per session profile?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
15
Video/Demo
Time
1.7.1 Remote Desktop
5:04
1.7.2 Windows System Resource Manager
3:22
1.7.3 Using Remote Desktop Services
9:20
Total
17:46
Lab/Activity


Add Remote Desktop Role Services
Configure an RD Licensing Server
Number of Exam Questions
11 questions
Total Time
About 40 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
16
Section 1.8: Application Delivery
Summary
This section presents information about application delivery. Details include:


Methods to simplify and centralize application deployment:
o Group Policy
o System Center Configuration Manager
o Application Server
o Remote Desktop Services
o Microsoft Application Virtualization (App-V)
Implementing multiple deployment methods
Students will learn how to:



Deploy software packages using Group Policy.
Make applications available using RemoteApp and RD Web Access.
Create .rdp and .msi files for RemoteApp applications.
Windows Server 2008 Enterprise Administrator Objectives

103. Plan for application delivery.
Lecture Focus Questions:








Which application deployment methods do not install applications on the
client computer?
What is the difference between publishing and assigning software using
Group Policy?
How is using System Center Configuration Manager similar to using
Group Policy for software distribution?
How do you add RemoteApp support to a session host?
What are the four ways you can use to make applications visible to remote
desktop clients? Which method requires no configuration on the client
computer?
How can you run applications using App-V without installing client
software on each computer?
Which application delivery solutions allow for running multiple versions of
the software at the same time on a client computer?
What are the different strategies you can use to run applications while
preventing conflicts on the client computer?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
17
Video/Demo
Time
1.8.1 Application Delivery
6:40
1.8.3 Deploying Applications
8:37
Total
15:17
Lab/Activity


Deploy Software with Group Policy
Configure Remote Applications
Number of Exam Questions
8 questions
Total Time
About 35 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
18
Section 2.1: Active Directory Design
Summary
This section examines guidelines for designing the following components of the
Active Directory logical structure:




Forest
Tree
Domain
Organizational Unit (OU)
Students will learn how to:


Create OUs based on departments or for delegated administration.
Delegate common administrative tasks for specific object types.
Windows Server 2008 Enterprise Administrator Objectives


201. Design Active Directory forests and domains.
203. Design the Active Directory administrative model.
Lecture Focus Questions:






Why should you assume that most Active Directory implementations will
have a single domain?
What are business and technical reasons for having multiple forests and
domains?
Why shouldn't you put much thought into planning trees in Active
Directory?
Why might you design a nearly empty forest root domain?
What should you use instead of domains in most cases to delegate
authority?
How does the principle of least privilege apply when delegating
administrative permissions?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
19
Video/Demo
Time
2.1.1 Logical Design
14:36
2.1.3 Designing the Active Directory Structure
10:38
Total
25:14
Lab/Activity

Delegate Administrative Control
Number of Exam Questions
2 questions
Total Time
About 35 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
20
Section 2.2: Functional Levels
Summary
In this section students will explore information about functional levels. They will
learn the following:




Features that are available at each of the following domain functional
levels:
o 2000 Native
o 2003
o 2008
o 2008 R2
Features that are available at each of the following forest functional levels:
o 2000 Native
o 2003
o 2008
o 2008 R2
Considerations when upgrading domain and functional levels
Features available by implementing Windows Server 2008
Students will learn how to:


Identify the current domain and forest functional levels.
Raise the functional levels of domains and forests.
Windows Server 2008 Enterprise Administrator Objectives

201. Design Active Directory forests and domains.
Lecture Focus Questions:






Which functional level is required to enable selective authentication?
Which functional level is required to enable the Active Directory Recycle
Bin?
Which forest functional level(s) allow you to rename domains?
Which features do you get by enabling a Windows Server 2008 or 2008
R2 functional level?
When would you raise the domain functional level?
What are the domain controller operating system requirements for raising
a domain functional level to Windows Server 2008 R2?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
21
Video/Demo
Time
2.2.1 Functional Levels
8:51
2.2.3 Upgrading Functional Levels
2:49
Total
11:40
Lab/Activity


Raise Functional Levels
Raise the Domain and/or Forest Levels
Number of Exam Questions
3 questions
Total Time
About 30 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
22
Section 2.3: Trusts
Summary
This section discusses the following details about trusts:



Characteristics of trusts:
o Direction of Trust
o Direction of Resource Access
o Transitivity
Types of trusts to create manually:
o Shortcut
o External
o Realm
o Forest
o Active Directory Federation Services (AD FS)
Authentication security settings that can be applied to trusts:
o Selective authentication
o Domain-wide authentication
o Forest-wide authentication
Students will learn how to:

Create external, shortcut, and forest root trusts.
Windows Server 2008 Enterprise Administrator Objectives



201. Design Active Directory forests and domains.
301. Plan for domain or forest migration, upgrade, and restructuring.
305. Plan for interoperability.
Lecture Focus Questions:






What is the difference between a one-way trust and a two-way trust?
Domain A trusts domain B. Users in which domain will be able to access
resources in which domain? What is the relationship between the direction
of trust and the direction of access?
What is a transitive trust? Which trust types are transitive by default?
When are trusts created automatically? What are the properties of those
trusts?
When should you use a shortcut trust?
What are the domain and forest functional level requirements for creating
a forest root trust? What type of trust would you use if you couldn't create
a forest root trust?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
23
Video/Demo
Time
2.3.1 Trusts
13:53
2.3.4 Creating Trusts
10:04
Total
23:57
Lab/Activity



Create a Shortcut Trust
Create a Forest Root Trust
Design Trusts
Number of Exam Questions
9 questions
Total Time
About 50 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
24
Section 2.4: Operations Masters
Summary
In this section students will become familiar with the following details about
operations masters:




The role of operation master roles (also referred to as Flexible SingleMaster Operation (FSMO) roles)
Operation master roles at the forest level:
o Schema Master
o Domain Naming Master
Operation master roles at the domain level:
o Relative ID (RID) Master
o Primary Domain Controller (PDC) Emulator
o Infrastructure Master
Facts about managing operations master roles
Students will learn how to:


Transfer operations master roles among domain controllers.
Seize an operations master role in the case of a failed master.
Windows Server 2008 Enterprise Administrator Objectives

202. Design the Active Directory physical topology.
Lecture Focus Questions:








What is the purpose of an operations master role server?
What is the function of a PDC emulator? What does the infrastructure
master do?
Which operations master roles are located at the forest level? How many
of these roles are there in a forest?
How many domain operations masters are in a forest?
You are installing a new domain controller in a new domain in an existing
forest. How many operations master roles will that server hold?
What might happen if the RID master becomes unavailable?
Which role(s) should be placed on a global catalog server? Which roles
should not?
What is the difference between transferring a role and seizing a role?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
25
Video/Demo
Time
2.4.1 Operations Masters
4:40
2.4.2 Managing Operations Masters
6:49
Total
11:29
Lab/Activity



Transfer RID and PDC Masters
Transfer the Infrastructure Master
Troubleshoot Operations Masters
Number of Exam Questions
3 questions
Total Time
About 35 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
26
Section 2.5: Sites
Summary
In this section students will learn how Active Directory uses sites and subnets to
represent the physical layout of the network to optimize and customize replication
traffic. Details include:



Objects that Active Directory uses to represent the physical structure of
the network and to control replication traffic:
o Subnet
o Site
o Site link
o Site link bridge
o Bridgehead server
o Global catalog/Universal Group Membership Caching
Types of replication:
o Intrasite
o Intersite
Design considerations when implementing sites:
o Replication protocol
o Preferred bridgehead server
o Replication frequency
o Link costs
o Site link bridging
o Global catalog/Universal Group Membership Caching
Students will learn how to:




Create sites and subnets. Move servers into sites.
Create site links and configure site link properties to customize replication.
Customize intersite and intrasite replication frequencies and schedules.
Designate preferred bridgehead servers.
Windows Server 2008 Enterprise Administrator Objectives

202. Design the Active Directory physical topology.
Lecture Focus Questions:





What is the purpose of a site link?
What is the purpose of a site link bridge?
What are the differences between intrasite and intersite replication?
What does a site link cost do?
When would you use the SMTP protocol for replication?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
27


What is the function of the bridgehead server?
How is a preferred bridgehead server determined?
Video/Demo
Time
2.5.1 Physical Design
13:47
2.5.2 Implementing the Site Design
11:04
Total
24:51
Lab/Activity


Manage Sites and Subnets
Configure Intersite Replication
Number of Exam Questions
12 questions
Total Time
About 55 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
28
Section 2.6: Groups
Summary
In this section students will learn how to use groups to make permission
assignments easier. Details include:






The membership and use of the following security group scopes:
o Global
o Domain Local
o Universal
Types of groups
o Security group
o Distribution group
Recommended approaches to managing users, groups and permissions:
o UGLR
o UGULR
o URL
Conditions in which to use universal groups
Using Restricted Group policies
Concerns when granting administrative privileges
Students will learn how to:

Implement a group strategy following Microsoft's recommendations for
group membership and nesting.
Windows Server 2008 Enterprise Administrator Objectives

203. Design the Active Directory administrative model.
Lecture Focus Questions:





What are the advantages of using groups when setting permissions?
What type of objects can be made members of a universal group? A
domain local group?
Based on Microsoft's recommendations, which group scope is added to
the ACL for an object and assigned the permissions?
Based on Microsoft's recommendations, which group scope type would
you use to add user accounts as members?
When is it appropriate to use universal groups? In which scenarios are
they unnecessary?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
29
Video/Demo
Time
2.6.1 Groups
7:57
2.6.2 Managing Groups
9:40
Total
17:37
Lab/Activity

Implement a Group Strategy
Number of Exam Questions
10 questions
Total Time
About 40 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
30
Section 2.7: Group Policy
Summary
This section discusses the following details about using Group Policy:




Group Policy inheritance
Methods to customize how GPO settings are applied:
o Block inheritance
o Enforced
o Loopback processing
o WMI filtering
o GPO permissions
Guidelines when using OUs to deploy GPOs
Methods to use templates when creating new GPOs:
o Administrative Templates
o Starter GPOs
o GPO copy or import
Students will learn how to:




Link GPOs to appropriate objects to take advantage of inheritance.
Customize Group Policy application using block inheritance and no
override.
Use GPO permissions to limit the application of GPOs.
Configure WMI filters and loopback processing.
Windows Server 2008 Enterprise Administrator Objectives

204. Design the enterprise-level group policy strategy.
Lecture Focus Questions:







How does inheritance affect Group Policy settings?
What are the advantages of the .admx file format?
What is the Administrative Template central store? What advantages do
you gain by enabling the central store?
What is the difference between using a starter GPO and copying an
existing GPO?
If a setting is configured in a GPO linked to the domain and a GPO linked
to an OU, which setting will be in effect?
If there is more than one group policy linked to a domain, what controls
the order of application?
How is the Block Inheritance setting affected by the No Override
setting?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
31

How does loopback processing affect computer settings?
Video/Demo
Time
2.7.1 Group Policy
26:19
2.7.4 Managing Group Policy
16:35
Total
42:54
Lab/Activity


Control GPO Inheritance
Configure GPO Permissions
Number of Exam Questions
9 questions
Total Time
About 65 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
32
Section 2.8: Authentication
Summary
This section provides information about solutions to customize Active Directory
authentication:




Account Policies
Smart card
Fine-grained password policies
Authorization Manager
Students will learn how to:


Configure and manage Account Policy settings.
Use ADSI Edit to configure fine-grained password policy settings.
Windows Server 2008 Enterprise Administrator Objectives

204. Design the enterprise-level group policy strategy.
Lecture Focus Questions:




What happens when you configure Account Policies settings in a GPO
linked to an OU?
How can you configure different account policy settings for different
users?
Which object types can you associate with a fine-grained password
policy?
A user has a fine-grained password policy applied directly to the user
account, and a different policy applied to a group of which the user is a
member. Which policy will be in effect?
Video/Demo
Time
2.8.1 Authentication
5:26
2.8.3 Configuring Authentication
9:47
Total
15:13
Lab/Activity


Configure Account Policies
Create a Fine-grained Password Policy
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
33
Number of Exam Questions
3 questions
Total Time
About 30 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
34
Section 3.1: Upgrade and Migration
Summary
In this section students will learn the basics of performing upgrades and
migrations. Details include:



Tools to perform migration tasks:
o Active Directory Migration Tool (ADMT)
o Movetree
o Dsmove
o User State Migration Tool (USMT)
Considerations when managing migrations
Tools to prepare forest and domain support for Windows Server 2008:
o Adprep /forestprep
o Adprep /domainprep
o Adprep /rodcprep
Students will learn how to:

Prepare an existing forest and domain for installation of a Windows Server
2008 domain controller.
Windows Server 2008 Enterprise Administrator Objectives

301. Plan for domain or forest migration, upgrade, and restructuring.
Lecture Focus Questions:






Which forest and domain functional levels are required before installing a
Windows Server 2008 or Windows 2008 R2 domain controller?
When do you use the adprep /domainprep /gpprep command instead of
the adprep /domainprep command?
On which domain controller should you run the adprep /domainprep
command?
What is the difference between the Active Directory Migration Tool
(ADMT) and the User State Migration Tool (USMT)?
Which tool works only within a domain to move Active Directory objects?
When should you worry about preserving the SID history when migrating
objects?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
35
Video/Demo
Time
3.1.1 Upgrade and Migration
8:10
3.1.3 Adprep
9:59
3.1.5 Using Adprep
3:34
3.1.6 Using Migration Tools
2:32
Total
24:15
Number of Exam Questions
8 questions
Total Time
About 35 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
36
Section 3.2: Branch Office Design
Summary
This section covers basics about designing a branch office network to balance
resource access with WAN link use and security. Details include:


Considerations when planning a branch office network.
Considerations when implementing an RODC:
o Installation
o Active Directory replication
o Password caching
o Administrative role separation
Students will learn how to:


Pre-create RODC accounts in Active Directory.
Configure password caching and replication for an RODC.
Windows Server 2008 Enterprise Administrator Objectives

302. Design the branch office deployment.
Lecture Focus Questions:









How can you minimize WAN traffic when installing a domain controller in a
branch office?
When would you use Universal Group Membership Caching (UGMC)
instead of a global catalog server?
What advantages does using an RODC in a branch office have over using
a full domain controller? When would you need a full domain controller
instead of using an RODC?
What is the purpose of administrator role separation?
How does using an RODC allow for domain logon in the event of a WAN
link failure?
How can you protect data as it travels across the WAN link?
What advantages does a stub zone have over using conditional
forwarders? What advantages does using a forwarder have over a stub
zone?
What are the domain and forest functional level requirements for installing
an RODC?
What command would you run to prepare for installing a read-only domain
controller (RODC)?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
37
Video/Demo
Time
3.2.1 Branch Office Design
7:27
3.2.2 RODC
7:51
3.2.6 Installing an RODC
Total
10:53
26:11
Lab/Activity



Implement a Branch Office DNS Solution
Create RODC Accounts
Configure Password Caching
Number of Exam Questions
12 questions
Total Time
About 60 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
38
Section 3.3: PKI Design
Summary
This section discusses designing PKI solutions. The following concepts are
discussed:











Root CA
Subordinate CA
Role services that are used when installing AD CS on a server:
o Certification Authority
o Certification Authority Web Enrollment
o Online Responder
o Network Device Enrollment Service (NDES)
o Certificate Enrollment Web Service and Certificate Enrollment
Policy Web Service
Comparison of Standalone and Enterprise CA types
Common PKI infrastructure designs
o Offline standalone root CA with online enterprise subordinate CAs
o Internal PKI for internal certificates and a third-party CA for external
certificates
Autoenrollment
Key archival
Policy module
CRL Distribution Point (CDP)
Authority Information Access (AIA)
CA manager
Students will learn how to:

Add Certificate Services role services to meet the network requirements.
Windows Server 2008 Enterprise Administrator Objectives


302. Design the branch office deployment.
303. Design and implement public key infrastructure.
Lecture Focus Questions:




What are the advantages of using an enterprise CA over a standalone
CA?
How does Web enrollment differ from autoenrollment?
Which role service lets you centralize certificate revocation requests?
What advantages does this service provide over clients using CRLs?
What does the registration authority do when using NDES?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
39




Which servers are capable of using Suite B encryption?
Which certificate version is capable of using Suite B encryption?
What is the advantage of taking the root CA offline?
Why shouldn't you take an enterprise CA offline? How can you use an
offline root CA but still use enterprise CAs?
Video/Demo
Time
3.3.1 PKI Design
11:25
3.3.4 Implementing CAs and Certificates
11:32
Total
22:57
Lab/Activity


Add Role Services for AD CS 1
Add Role Services for AD CS 2
Number of Exam Questions
12 questions
Total Time
About 50 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
40
Section 3.4: Interoperability
Summary
In this section students will learn about interoperability between organizations.
Details include:


Solutions to manage authentication and resource access between
organizations:
o Trusts
o Active Directory Federation Services (AD FS)
o Forefront Identity Manager
Solutions for UNIX interoperability:
o Realm trust
o Identity Management for UNIX
o Subsystem for UNIX-based Applications (SUA)
o Services for Network Files System (NFS)
o LPR Port Monitor
Students will learn how to:


Configure trusts for inter-organizational authentication and authorization.
Add role services and features to support UNIX interoperability.
Windows Server 2008 Enterprise Administrator Objectives

304. Plan for interoperability.
Lecture Focus Questions:





What are the requirements for using a forest root trust?
What is the difference between an external trust and a realm trust?
What is a domain map used in UNIX? How can you configure a Windows
Server 2008 R2 domain controller to hold UNIX maps?
When would you use the Subsystem for UNIX-based Applications feature?
When would you use the LPR Port Monitor feature? When should it not be
used?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
41
Video/Demo
Time
3.4.1 Interoperability
4:45
3.4.2 Deploying Interoperability Solutions
4:49
Total
9:34
Lab/Activity


Add UNIX Integration Services 1
Add UNIX Integration Services 2
Number of Exam Questions
6 questions
Total Time
About 30 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
42
Section 4.1: High Availability
Summary
This section provides the basics of providing high availability through Network
Load Balancing and Failover Clustering. Students will also learn about the
following:




Comparison of the characteristics of Network Load Balancing (NLB) and
Failover Clustering
The NLB cluster is identified with a shared IP address
o Port rules
o Port rule filter modes
 Multiple host
 Single host
 Disable this port range
o Client affinity settings:
 Single
 Network
o Lowest host ID (also called the host priority number)
Implementing Network Load Balancing (NLB)
Implementing Failover Clustering
o Failback (also called fallback)
o Ways services and application running on cluster members are
configured:
 Single-instance
 Multiple-instance
o Quorum modes:
 Node Majority
 Node and Disk Majority
 Node and File Share Majority
 No Majority: Disk Only
o NIC teaming
o Upgrading cluster node
Windows Server 2008 Enterprise Administrator Objectives


401. Plan for business continuity.
404. Design for data management and data access.
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
43
Lecture Focus Questions:






How is Failover Clustering different from NLB?
Which application types are best used with NLB and not failover
clustering?
What happens to traffic not identified by a port rule? How can you control
which cluster host responds?
Which client affinity option should you use when clients connect to a NLB
cluster using multiple proxy servers?
Which quorum mode should be used if you have an even number of
cluster hosts? Why?
Which quorum mode allows the cluster to continue operating even if only
one cluster host is still available?
Video/Demo
Time
4.1.1 NLB and Clustering
6:24
4.1.2 Managing NLB and Failover Clustering
5:33
Total
11:57
Number of Exam Questions
9 questions
Total Time
About 25 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
44
Section 4.2: AD DS Recovery
Summary
This section discusses the following methods for designing and implementing
recovery for Active Directory:





Nonauthoritative restore
Authoritative restore
Active Directory Recycle Bin
System state backups
View snapshots
Students will learn how to:


Add Windows Server Backup to your server.
Perform an authoritative restore of Active Directory objects.
Windows Server 2008 Enterprise Administrator Objectives

401. Plan for business continuity.
Lecture Focus Questions:




What is the difference between an authoritative and a nonauthoritative
restore?
How can snapshots help you preserve Active Directory data? Why are
they not as useful as a backup when you need to restore large numbers of
objects?
Which backup type should you perform if you want to back up the Active
Directory database?
Which forest functional level is required to enable the Active Directory
Recycle Bin?
Video/Demo
Time
4.2.1 AD DS Recovery
5:13
4.2.2 Recovering Active Directory
2:50
Total
8:03
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
45
Number of Exam Questions
3 questions
Total Time
About 10 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
46
Section 4.3: Update Infrastructure
Summary
This section explores updating the infrastructure of your system. The following
concepts are covered:


Solutions for keeping a system up to date:
o Windows Update
o Microsoft Update
o Windows Server Update Services (WSUS)
Considerations when designing an update solution
Students will learn how to:


Configure a client for automatic updates.
Configure a replica WSUS server.
Windows Server 2008 Enterprise Administrator Objectives

402. Design for software updates and compliance management.
Lecture Focus Questions:





What is the difference between Windows Update and Microsoft Update?
How do clients receive updates in the absence of WSUS? What are the
disadvantages that this method poses for your network?
When should you deploy multiple independent WSUS servers? How is this
configuration similar to a single WSUS server?
How would you deploy WSUS when an Internet connection is not allowed
for an isolated network?
What is the difference between synchronizing updates, downloading
updates, and approving updates?
Video/Demo
Time
4.3.1 Patch management
5:35
4.3.3 Managing Updates
3:23
Total
8:58
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
47
Lab/Activity

Configure a Downstream Server
Number of Exam Questions
4 questions
Total Time
About 20 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
48
Section 4.4: Auditing
Summary
This section examines auditing. Details include:






Microsoft tools used for security auditing:
o Microsoft Baseline Security Analyzer (MBSA)
o Security Configuration (SCW)
o Security Configuration and Analysis snap-in
o Microsoft Security Assessment Tool (MSAT)
o Audit Policy
o Snapshots
Types of events to log:
o Audit Success
o Audit Failure
Audit policies configurable through Group Policy in Windows Server 2008:
o Account logon
o Account management
o Directory service access
o Logon
o Object access
o Policy change
o Privilege use
o Process tracking
o System
Details about the advanced audit policy configuration
Steps to configure auditing:
o Enable auditing in the local security policy or Group Policy
o Configure auditing on specific objects
Guidelines when designing auditing
o Audit only what’s necessary
o Design periodic reviews of audit logs
o Archive audit logs
o Identify actions that should always be audited
o For investigative and evidentiary reasons, make sure that all
pertinent events are recorded to the Security log
Students will learn how to:


Use the Security Configuration Wizard (SCW) to customize server security
and create security policies.
Use the Microsoft Security Baseline Analyzer (MBSA) to scan computer
security settings.
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
49
Windows Server 2008 Enterprise Administrator Objectives

402. Design for software updates and compliance management.
Lecture Focus Questions:








Which tools can you use to make changes to the system configuration and
export your settings to customize multiple servers at once?
What types of system vulnerabilities can you find with MBSA?
Which tool helps you assess your organization-wide security and makes
recommendations based on industry-accepted standards?
What is the difference between auditing for success and auditing for
failure?
What additional step must you complete in order to audit NTFS file
access?
How can you configure auditing to track changes to Active Directory
objects?
What are the results of excessive auditing?
How can snapshots be used for auditing purposes?
Video/Demo
4.4.1 Compliance and Auditing
4.4.2 Using Security Analysis Tools
4.4.3 Advanced Audit Policies
Total
Time
5:40
11:10
5:27
22:17
Number of Exam Questions
5 questions
Total Time
About 35 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
50
Section 4.5: Virtualization
Summary
This section provides information about using virtualization to run multiple virtual
computers on a single physical system. Hyper-V is the virtualization solution for
Windows Server 2008 and 2008 R2. Concepts covered include:






Features supported by Hyper-V
Additional features supported by Hyper-V on Windows Server 2008 R2
with SP1
Details when installing and configuring virtual machines
Virtual disk types that Hyper-V uses:
o Fixed
o Dynamically expanding
o Differencing
o Physical disk
Network communication of virtual machines:
o External
o Internal
o Private
o No network
The role of the following tools when managing virtual machines:
o System Center Operations Manager (SCOM)
o System Center Virtual Machine Manager (SCVMM)
 Migration
 Virtual-to-virtual conversion
 Physical-to-virtual conversion
o Hyper-V Manager
o Windows System Resource Manager (WSRM)
o Microsoft Assessment and Planning (MAP) toolkit
Windows Server 2008 Enterprise Administrator Objectives

403. Design the operating system virtualization strategy.
Lecture Focus Questions:




What is disk pass-through? What does this allow you to do when
configuring virtual machines?
Which virtual disk type offers the best performance? Which type minimizes
disk space use?
What is the difference between an internal virtual network and a private
virtual network?
When would you need to use a legacy virtual network adapter?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
51



What advantages does using System Center VMM have over using
Hyper-V Manager?
What is the difference between migration and conversion of virtual
machines?
Which conversion scenario requires that the source machine be offline
during the conversion process? Why?
Video/Demo
4.5.1 Virtualization
Time
5:25
Number of Exam Questions
8 questions
Total Time
About 15 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
52
Section 4.6: Data Security and Access
Summary
This section provides details about the security and access of data. The
following elements are discussed:


Solutions for designing security and availability for data access:
o NTFS permissions
o Encrypting File System (EFS)
o BitLocker
o Active Directory Rights Management Services (AD RMS)
o Distributed File System (DFS)
o File Server Resource Manager (FSRM)
o Storage Area Network (SAN)
Implementing a DFS solution:
o Namespace
 Standalone
 Domain-based
o Folders
o Folder target
o DFS Replication and Remote Differential Compression (RDC)
o Comparison of iSCSI and Fibre Channel
Students will learn how to:


Add role services as required to support DFS.
Create a DFS namespace with folders and targets.
Windows Server 2008 Enterprise Administrator Objectives

404. Design for data management and data access.
Lecture Focus Questions:





What are the main differences between EFS and BitLocker?
Which encryption feature encrypts system files?
What functions are performed by the Trusted Platform Module (TPM)?
What BitLocker features are only available when using a TPM?
Which data access feature can you use to control file access for files that
are copied or shared outside of your organization?
What is the difference between the namespace root and a folder within
DFS?
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
53



If you have multiple namespace servers, which namespace type should
you implement?
Which namespace type and mode would you choose to support accessbased enumeration?
If you have a single namespace server and that server fails, what happens
to client access for folders within the DFS structure? Why?
Video/Demo
Time
4.6.1 Data Security
4:55
4.6.2 Implementing Data Security
7:17
4.6.3 Accessibility and Redundancy
6:56
4.6.4 Implementing DFS and FSRM
6:40
4.6.5 SAN Solutions
2:13
Total
28:01
Lab/Activity


Add Role Services for Replication
Create a DFS Structure
Number of Exam Questions
18 questions
Total Time
About 60 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
54
Section 4.7: Collaboration
Summary
In this section students will learn about using SharePoint to provide collaboration
tools and a platform for developing Web-based applications. Details include:



SharePoint collaboration tools:
o SharePoint Foundation 2010
o SharePoint Server 2010
Basic options when deploying Sharepoint:
o Standalone configuration
o Server Farm configuration
Components used when using SharePoint:
o Microsoft SharePoint 2010 Product Preparation Tool
o Site collection
o Document library
o Web part
o E-mail
o Active Directory Rights Management Services (AD RMS)
Windows Server 2008 Enterprise Administrator Objectives

404. Design for data management and data access.
Lecture Focus Questions:




What additional features do you get with SharePoint Server 2010
compared to SharePoint Foundation 2010?
What are the requirements for using multiple Sharepoint servers in a
farm?
When would you use the internal database for Sharepoint?
What feature would you use in conjunction with SharePoint to increase the
security on shared content?
Video/Demo
Time
4.7.1 Collaboration
2:31
4.7.2 Comparing Collaboration Solutions
5:12
Total
7:43
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
55
Number of Exam Questions
4 questions
Total Time
About 15 minutes
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
56
Practice Exams
Summary
This section provides information to help prepare students to take the exam and
to register for the exam.
Students will also have the opportunity of testing their mastery of the concepts
presented in this course to reaffirm that they are ready for the certification exam.
For example, all questions that apply to Objective 100. Network and
Application Services are grouped together and presented in practice exam 100.
Network and Application Services, All Questions. Students will typically take
about 60-90 minutes (there is no time limit) to complete each of the following
practice exams.
100. Network and Application Services, All Questions (52 questions)
200. Core Identity and Access, All Questions (52 questions)
300. Support Identity and Access Management, All Questions (36 questions)
400. Business Continuity and Data Availability, All Questions (51 questions)
Case Studies: All Questions (36 questions)
The Certification Practice Exam consists of 50 questions that are randomly
selected from the above practice exams. Each time the Certification Practice
Exam is accessed different questions may be presented. The Certification
Practice Exam has a Total Time limit of 2 hours and 40 minutes -- just like the
real certification exam. A passing score of 95% should verify that the student has
mastered the concepts and is ready to take the real certification exam.
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
57
Appendix A: Approximate Time for the Course
The total time for the LabSim for Microsoft’s Windows Server 2008 Enterprise
Administrator Exam 70-647 course is approximately 21 hours and 32 minutes.
The time is calculated by adding the approximate time for each section which is
calculated using the following elements:




Video/demo times
Approximate time to read the text lesson (the length of each text lesson is
taken into consideration)
Simulations (5 minutes assigned per simulation)
Questions (1 minute per question)
The breakdown for this course is as follows:
Module
Sections
Time
Minute HR:MM
1.0 Deployment
1.1 IP Addressing
1.2 Name Resolution
1.3 Single-label Name Resolution
1.4 NPAS
1.5 Remote Access
1.6 NAP
1.7 Remote Desktop Services
1.8 Application Delivery
55
75
15
20
40
40
40
35
320
5:20
35
30
50
35
55
40
65
30
340
5:40
35
60
50
30
175
2:55
2.0 Network Infrastructure
2.1 Active Directory Design
2.2 Functional Levels
2.3 Trusts
2.4 Operations Masters
2.5 Sites
2.6 Groups
2.7. Group Policy
2.8 Authentication
3.0 File and Print
3.1 Upgrade and Migration
3.2 Branch Office Design
3.3 PKI Design
3.4 Interoperability
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
58
4.0 Remote Desktop Services
4.1 High Availability
4.2 AD DS Recovery
4.3 Update Infrastructure
4.4 Auditing
4.5 Virtualization
4.6 Data Security and Access
4.7 Collaboration
25
10
20
35
15
60
15
180
3:00
277
4:37
1292
21:32
Practice Exams
100. Network and Application Services (52 ques.)
200. Core Identity and Access (52 questions)
300. Support Identity and Access Mgmt. (36
ques.)
400. Business Continuity and Data Avail. (51
ques.)
Case Studies: (36 questions)
Certification Practice Exam (50 questions)
52
52
36
51
36
50
Total
Time
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
59
Appendix B: Changes to the 647 Course for 2008 R2
Instructors who have taught the previous LabSim version of this course may find
the following information valuable. This report details all the changes that were
made from the previous course such as:




A new video, demo or text that has been created
A video, demo or text that has been updated
New questions that have been added to a section
A new section that has been added to a module
Section
All
1.3
1.6
1.7
1.8
2.2
4.2
4.4
4.5
4.7
Practice
Exams
Changes
Videos and demos added closed captioning
Simulations updated to Windows Server 2008 R2 and Silverlight
Questions and text updated to Windows Server 2008 R2
1.3.1 New Video: GlobalNames Zone
1.3.2 Updated Demo: Configuring a GlobalNames Zone
1.3.3 Updated Text: Single-label Name Resolution Facts
1.3.4 New Sim: Configure a GlobalNames Zone
1.6.2 Update Demo: Configuring NAP
1.7.1 New Video: Remote Desktop Service
1.7.2 New Video: Windows System Resource Manager
1.7.3 New Demo: Using Remote Desktop Services
1.7.4 Updated Text: Remote Desktop Services Facts
1.8.1 Updated Video: Application Delivery
1.8.2 Updated Text: Application Delivery Facts
1.8.3 Updated Demo: Deploying Applications
2.2.2 Updated Text: Functional Level Facts
4.2.3 Updated Text: Active Directory Recovery Facts
4.4.3 New Video: Advance Auditing Policies
4.5.2 Updated Text: Virtualization Facts
4.7.1 Updated Video: Collaboration
4.7.2 Updated Demo Comparing Collaboration Solutions
4.7.3 Updated Text: Collaboration Solutions Facts
New Exam: Case Studies, All Questions
New Question Type: Select Correct Tasks and Place them in Order
New Questions: Case Study Questions in Certification Practice Exam
©2011 TestOut Corporation (Rev 12/11)
Windows Server 2008 Enterprise Administrator (70-647)
60